Comments

We're in the beginning development phase of creating a high-end web application. It would be run in a way that has all the features of the download program but through a web interface with new, sophisticated programming. This is probably going to take a year of development work.

Darryl is also going to work on user-defined assets--that's been kind of a muddle and he's going to fix all of that so it's easier for users to define their own assets for the Monte Carlo.

What are the security risks given that your file would not contain any account numbers, Social Security numbers, mailing address, or names of financial institutions? You can also enter just the first letter of your last name instead of your entire last name, and change your date of birth by one day to further confuse a potential hacker. And I'm sure the folks at ESPlanner have already thought about ways to enhance security using secure logins and encrypting the data on their servers. Other online activities (e.g., making a purchase on Amazon, online banking, etc.) are far more risky.

The forum isn't the place to debate cloud-centric security. There are enough F100 examples of incidents, and many more that are not publicized, to give pause for serious reflection. These players typically have large security budgets, far beyond those from ESPlanner, yet the incidents still occur with ever more sophisticated attacks.

FWIW - intentionally altering the information in the database just distorts its value. In some cases, even changing your DOB by one day can lead to different results.

ESPlanner is a terrific tool and I hope to continue using it for many years to come.

First of all, I use and depend on ESPlanner for our household planning. I do not see any advantage to using or moving in the direction of "Cloud Based" usage. As the above stated, the security and all that goes with it is a big consideration. If you want to offer the option to users, that's one thing. The old adage: if it's not broke, don't fix it. Just recently, the White House revealed they had been hacked and were hamstrung for two weeks. If it can happen to them, what makes someone think ESPlanner is impenetrable? No to the Cloud.

The advantage for cloud-based is most likely as an aid in development. It's much easier to maintain code in a central location, with users' versions being always current.

I'd be interested in a model like Office365 where the system is stored locally but updates itself dynamically whenever connected. Data are also stored locally and, optionally, in the cloud. I, for one, would not invoke that option. Others might find it valuable. Perhaps temporary cloud storage would aid customer support but, after the issue is resolved, remove it from there.

I too very strongly suggest a download version for security reasons. You might consider Adobe's Creative Cloud model where all code and data reside on the individual's computer, but the software versioning is through the vendor's "cloud." I would not advocate Adobe's controversial subscription pricing scheme.

The question was asked - what's the threat of putting the data into the cloud? Followed by a suggestion to obfuscate the data as a way of protecting oneself.

First, obfuscation is unlikely to work for numerous reasons. As already explained, changing things like DOB can actually screw up results, as laws and their application change based on things like DOB.

Second, E$Planner will need to be able to confirm that a cloud account is valid and has paid its bills so even if your raw data is somehow obfuscated and even if that didn't corrupt the results it will always be possible for a hacker to connect the data and the owning account. Yes, there are ways around this but they are so painful that I can't possibly imagine E$Planner cursing those solutions on their customers.

Third, data obfuscation almost never works with anything but the most trivial of data sources. I'm oversimplifying, but real-world attacks have been extremely successful in de-anonymizing data if it contains just 3 or 4 data points, much less the ocean of data that E$Planner requires. So you should assume that the data you put into the cloud can be used to easily identify you.

This then begs the question - who cares?

The answer is that the data in E$Planner is a gold mine for identity thieves. It helps to identify who has how much money and what kind of places they use that money. It identifies major purchases, big items of ownership, family plans, etc. It's a more or less complete map to one's entire financial life. Just a wonderful tool for all sorts of identity theft.

Personally what worries me the most is how likely is it that E$Planner can afford to maintain both a cloud and a local PC code base? Even assuming they share the same computation engine the UX is a big piece of code to keep up and running with two different technologies.

Without knowing more about the computation engine it's hard for me to offer any concrete advice. I actually deal with issues like this for a living and am happy to provide a little free consulting [1] if y'all care. You know where to find me (just look at the email).

[1] And no, I'm not looking for a job. My day job keeps me insanely busy. I just want to make sure E$Planner sticks around on the desktop since I depend on it so much.
